Cloud computing has moved from being a mere buzzword to a level where it has become an indispensable aspect of enterprise computing today. The benefits of opting for the cloud model are
Now, security professionals have a chance to make things happen and become business enablers by wholeheartedly embracing the cloud, helping organizations to manage and lower the risks involved with moving to the cloud. Varied jobs in cloud computing have emerged. Let us consider some of the key parameters to focus on in the cloud computing paradigm.
Security audit will be a pivotal service, providing new jobs in cloud computing environments. With cloud computing the data resides on a third-party infrastructure, but managing the security and risks still remains the ultimate responsibility of the customer rather than the cloud owner. Security audits are thus essential to provide assurance of the robustness of the cloud setup’s security posture.
Organizations need to extend their regulation and compliance compulsions to the cloud, so if you seek jobs in cloud computing as an auditor, you should hone your skills in various compliance standards such as PCI-DSS, HIPPA and ISO 27001.
As cloud computing harbors security risk, security auditors should elevate their skills to understand the cloud-specific risks for jobs in cloud computing. Security audit services are in great demand, and for jobs in cloud computing, a CISA certification provides a solid foundation in IT audit and compliance areas. Going a step further, CCSK is the new certification dedicated to cloud security. CISSP is the evergreen and most respected security certification, and for jobs in cloud computing, CISSP-certified security professionals can definitely add value in architecting, designing, managing and securing cloud infrastructure.
Security in virtualization
Security professionals need to extend their skills to cover virtual environments for jobs in cloud computing. There are a host of virtual products in the market, but all have vulnerability and security issues surrounding them. Security professionals need to focus and improve skills in virtualization security areas, as virtualization is here to stay.
Access management & identity solutions
With data and applications stored on the cloud, strong access management and identity management solutions are essential. Providing employees with the right access to business-critical information will be the shared responsibility of cloud owners and customers. The demand for deploying access management and identity management solutions will grow, and hence there will be a lot of scope for jobs in cloud computing in this area.
Compliance and regulation expertise
Securing the data on the cloud is important from a regulation and compliance point of view. Customers are keen to extend their compliance to the cloud. Cloud service providers are engaging in SAS 70 audits, PCI-DSS audits and ISO 27001 implementation to assure their customers’ security and privacy, as well as enable their customers to remain compliant.
Cloud providers are facing increasing pressure to demonstrate compliance with various regulations and standards. Information security professionals can play an important role for the cloud provider in this regard, opening up more jobs in cloud computing.
The product space
Security products and solutions help in safeguarding data on the cloud. Most security product companies are extending their products to serve the cloud. If you are a security product solutions expert, you too should extend your expertise to cover cloud security products and solutions implementation, to increase your value in the cloud computing jobs market.
Business continuity and DR
Business continuity and disaster recovery plans can be comprehensively implemented via the cloud with a very low-cost model. CBCP certification can elevate your skills in business continuity and designing DR solutions for the cloud. The BS 25999 standard certification from BSI also equips individuals with adequate knowledge of business continuity planning and IT resilience, prior to seeking jobs in cloud computing.
VA/ PT service
As hackers perpetrate increasingly sophisticated attacks on enterprise networks, vulnerability assessment and penetration testing assumes importance. The cloud service providers need to conduct VA/PT periodically and could employ their own penetration testers, who in turn might be utilized by customers as well. For cloud computing jobs in this area, there are several VA/PT certifications such as CEH, CHFI and LPT from the EC Council, or GPEN from GIAC.
It was Francis Bacon who once said, “A wise man will make more opportunities than he finds.” This definitely applies to the realm of jobs in cloud computing, and security professionals need to go out there and create opportunities for themselves and benefit from this new paradigm.
This was first published in May 2012